דרושים » אבטחת מידע וסייבר » Principal Consultant, Reactive Services, DFIR (Unit 42)

We are looking for a senior, hands-on Security Operations Lead to build, mature, and operate detection, response, and corporate security capabilities. You will own the engineering, workflows, and processes that keep secure day-to-day, while continuously improving visibility, automation, and operational resilience across both corporate and production environments. This role requires a technical operator who can architect scalable detection and response pipelines, manage endpoint and identity security controls, streamline GTM security enablement, and collaborate across the company to reduce risk. You will balance strategic direction with hands-on execution-ensuring threats are identified quickly, incidents are handled effectively, and the organizations operational security posture remains strong as grows.
Responsibilities:
Own and mature Detection & Response program, including alerting, triage workflows, incident playbooks, and end-to-end response processes.
Build and maintain detection logic, integrations, and automation across logging, SIEM, EDR, cloud telemetry, and internal monitoring systems.
Lead incident investigations, coordinate response across engineering and business teams, and ensure clear communication and post-incident reviews.
Manage Corporate Security Program, including identity and access management, endpoint posture management, corporate data security controls, and DLP practices.
Oversee privileged access workflows and JIT access for corporate and production systems in alignment with least-privilege principles.
Partner with engineering teams to ensure production environments maintain strong security baselines, logging, and monitoring coverage.
Collaborate with GTM/Sales teams to support Security Enablement, including third-party security questionnaires, customer assurance needs, and auditor inquiries.
Build automation-first operational processes that reduce manual overhead and provide consistent, repeatable security outcomes.
Develop and refine detection and response runbooks, escalation paths, and cross-team coordination models.
Maintain and improve incident and operational metrics, dashboards, and KPIs to measure operational efficiency and threat coverage.
Drive the intake and prioritization of security operations requests through Jira and internal workflows.
Work closely with Product Security, Cloud/DevOps, and GRC to ensure shared visibility and aligned operational practices.
Identify operational security gaps, propose improvements, and lead implementation efforts across tooling, processes, and controls.
Promote a culture of proactive detection, fast response, and shared responsibility for organizational security.

were looking for a Incident Management Analyst to help ensure the stability and reliability of our global IT services.
As a key member of the IT Operations team, youll support the rapid response and coordination of critical IT incidents. This role is ideal for someone who thrives in fast-paced environments, communicates clearly under pressure, and enjoys working cross-functionally to solve complex operational challenges.
Youll work closely with technical teams, stakeholders, and leadership to ensure incidents are managed efficiently, communication flows smoothly, and services are restored as quickly as possible. Your work will play a key role in maintaining service continuity and minimizing business impact.

What Youll Do

Identify, log, and classify major IT incidents reported by internal teams or external users
Coordinate response efforts by engaging appropriate technical teams and vendors to diagnose and resolve incidents,coordination calls and document actions, updates, and timelines
Track incidents ,provide a clear and timely communication between technical teams, business stakeholders, and leadership during major incidents. Along with root cause analyses (RCAs), including performance incidents reports,
Assist in preparing RCA reports and ensure documentation and communication are completed as required, Be a contribute to knowledge base articles.
Support daily review meetings to discuss recent and ongoing high-priority incidents and operational work
Follow established Major Incident and Change Management processes, policies, and tools
Generate reports, dashboards, and performance metrics for operational and leadership reviews
Support process adoption and assist with training or guidance related to incident management practices

we are looking for a Incident Response Director.
The Incident Response Director will be key to the success of Incident Response projects worldwide, and should possess strong leadership and client-facing skills, be highly technical and thrive in a fast-paced and dynamic environment.
Main Responsibilities :
Lead multiple teams of top-tier cyber security researchers and forensic experts responding to large-scale and complex cyber-attacks globally, beating real-world sophisticated threat actors.
Become a trusted advisor for client executives during incidents, and the main escalation point for crisis management.
Oversee all client-facing engagements within the EMEA region, assuring top quality delivery standards.
Train, guide and empower team leaders and team members, enhancing their technical, managerial, and consulting skills.
Support efforts to generate new business, by creating professional content and attending events, conferences and client meetings.
Be part of the management group Sygnias global IR department, lead and take part in cross-company projects and cooperations.

we are looking for an experienced Cyber Security Consulting Manager (Engagement Manager) to lead proactive consulting engagements with clients worldwide. The appropriate candidate will be responsible for the engagement lifecycle - from engagement planning, throughout the day-to-day engagement execution, management of consulting team and client interaction, until the successful engagement presentation and delivery.
Main Responsibilities:
Lead a team of top cyber security consultants (matrix management), to conduct and deliver a variety of proactive cyber security assessments and resilience-enhancing engagements.
Work on multiple engagements in parallel, at client sites or remotely.
Ensure the timely and successful delivery of services according to the engagement scope, objectives, budget, timelines, and clients needs.
Develop and present status updates and summary reports to a variety of audiences, including technical teams, CISOs, CIOs/CTOs, and executive management.
Serve as the trusted advisor to industry-leading multinational organizations, acting as the primary point of contact with clients before, during, and after engagements.
Support the building of long-term relationships with clients, ensuring continuous client impact and success.
Participate in and lead business development activities, internal capability-building efforts, methodology development, and strategic discussions.

As the architect of the Autonomous SOC, you will dive deep into Windows and Linux internals to understand modern adversary techniques. Your mission is to transform the complex art of incident response into high-fidelity, automated science. You will investigate attacker tradecraft, analyze forensic artifacts, and build the logic that allows customers to respond to breaches in seconds.
How we work:
The Anatomy of an Attack: We deconstruct complex attack patterns across Windows and Linux to build forensic "blueprints." We don't just find a threat; we map out the exact response flows and forensic steps needed to dismantle it from the inside out.
Precision Matters: We obsess over finding the exact thresholds that allow us to neutralize threats without disrupting the user experience.
Innovation First: We aren't satisfied with off-the-shelf tools; we develop our own research frameworks and leverage AI to amplify our efficiency.
From Insight to Action: We don't just write reports. Every piece of research we conduct is designed to be codified into a sophisticated, automated response playbook that protects our customers at machine speed.
Were looking for people who want to see their research solve "impossible" problems in real-time.
Key Responsibilities
Deep Forensic Research: Conduct original research into Windows and Linux attack surfaces to identify new response and remediation vectors.
Codify IR Tradecraft: Translate complex investigative steps (e.g., memory forensics, binary analysis, or cloud-native IR) into scalable, automated workflows.
Engineer Autonomous Logic: Design "self-healing" security playbooks that don't just alert, but actively neutralize threats across Endpoint, Identity, and Cloud environments.
Telemetry Mining: Hunt through massive datasets in Cortex XSIAM to find the "ground truth" of an attack and validate that your automations are bulletproof.
Shape the Product: Act as a subject matter expert for the engineering team, influencing how our XDR and NDR sensors collect data based on your IR findings.

We are seeking a Security Research Team Leader to join our team of highly skilled professionals, which includes security researchers, operations analysts, and data scientists.
This team continuously hunts for threats, evaluates emerging attack vectors, and develops innovative detection techniques in the field of malvertising and advertising security. Our mission is to protect customers from attacks generated by malicious advertisements (malvertising).
What You'll Do:
Lead detection innovation. Design and implement new methodologies to identify and stop malvertising attacks before they reach end users.
Drive signal research. Research and develop signal-collection strategies across mobile and desktop environments to strengthen detection and enhance customer protection.
Expand scanning capabilities. Devise approaches to overcome bot detection mechanisms and ensure comprehensive website coverage.
Deliver customer impact. Understand customer-specific security requirements, translate them into actionable research, and consistently exceed expectations.
Map adversary behavior. Discover and document the tactics, techniques, and procedures (TTPs) employed by malvertisers and related threat actors.
Elevate data-driven detection. Create and validate data insights that enhance detection quality and drive measurable improvements in protection efficacy.
Share knowledge broadly. Publish security research through blog posts, internal knowledge bases, conference presentations, and external engagements - translating complex discoveries into clear, impactful narratives.
Hunt threats proactively. Identify malicious activity across the internet, reverse-engineer attack execution, and produce thorough technical documentation.
Stay ahead of the curve. Continuously monitor the cybersecurity landscape for trends, emerging threats, and developments relevant to our mission.
Mentor and lead. Contribute high-impact work that moves team-level metrics, while actively providing leadership, guidance, and mentorship to peers and junior researchers.
Build better tools. Develop techniques, scripts, and tooling to streamlne workflows and amplify the broader team's productivity.

Are you an innovative security researcher with a deep understanding of the cyber threat landscape and a passion for protecting modern environments? Do you want to tackle the challenge of securing enterprise networks against evolving threats?
We are seeking a highly skilled professional to focus on the critical, fast-paced domain of Virtualization Security. As a foundational member of a newly formed and growing team, you will explore the 'blue ocean' of threat detection, pioneering next-generation capabilities within the worlds largest cybersecurity enterprise. This is a unique opportunity to apply your expertise and influence the future of threat prevention-helping us build cutting-edge security solutions from the ground up.
Key Responsibilities
Conduct deep research into virtualization technologies, and targeted attacks to fortify our attack prevention mechanisms.
Stay current with the latest attacker methodologies, APT campaigns, and Tactics, Techniques, and Procedures (TTPs) targeting virtualization systems.
Analyze emerging threats and malware to identify new techniques and formulate effective detection and prevention strategies.
Leverage AI and big data methodologies to investigate and analyze extensive datasets across our customer base.
Design cutting-edge protection components and develop sophisticated detection rules to enhance the effectiveness of our security solutions.
Drive the research and development of novel protection concepts, seeing them through to production-grade quality, and serve as a subject matter expert in the field.
Play a pivotal role in shaping the future of our security product offerings.
Collaborate closely with Engineering, Product Management, and other research teams to seamlessly translate research findings and insights into new production features.

We are expanding our Research Team and are looking for a Junior Malware Researcher with a strong technical mindset, excellent communication skills, and a passion for problem-solving.
As a Malware Researcher, you will be responsible for hunting emerging malware and malvertising campaigns and developing effective detection methods to protect global customers. You will work closely with the R&D and Product teams and be part of a friendly, professional team based in Tel Aviv, supporting customers worldwide.
Responsibilities:
Detect, monitor, and hunt new malvertising and malware threats
Research new attack vectors, delivery methods, and evasion techniques
Develop and improve detection logic and signatures
Investigate malicious campaigns using internal tools, databases, logs, and external intelligence sources to uncover hidden patterns
Analyze web traffic, scripts, redirects, and network behavior to identify malicious activity
Collaborate with R&D and Product teams to translate research into production-grade protections
Contribute to internal documentation, research reports, and best practices to improve knowledge sharing and support processes

We are looking for a Research Team Lead to establish and lead a cross-product research team focused on horizontal, high-impact initiatives that influence multiple company offerings.
Unlike product-embedded research roles, this team drives foundational and strategic research projects across networking, security, identity, automation, and AI-driven capabilities. Examples include large-scale reasoning systems, autonomous policy frameworks, cross-domain detection and response concepts (xOps), and platform-wide intelligence capabilities.
You will combine deep technical expertise with strong leadership and execution skills -identifying impactful research directions, building a high-performing team, and turning advanced research into real platform capabilities used by thousands of customers worldwide.
Responsibilities
Technical Vision & Strategy
Define and execute the roadmap for cross-product research initiatives.
Identify high-leverage research opportunities that impact multiple domains and products.
Drive long-term architectural thinking and influence platform evolution.
Balance innovation, experimentation, and production-readiness.
Team Leadership
Recruit, mentor, and grow a multidisciplinary team of researchers (AI, data, algorithms, networking, security).
Establish high standards for research rigor, experimentation methodology, and engineering quality.
Foster a culture of ownership, collaboration, and technical excellence.
Research & Execution
Lead complex, ambiguous research initiatives from ideation through validation and productionization.
Design large-scale experiments and validation methodologies using our companys data platform.
Drive innovation in areas such as:
Autonomous policy systems
Cross-domain detection and response frameworks
Large-scale reasoning and decision systems
Data-driven optimization and automation capabilities
Ensure research outcomes are measurable, scalable, and aligned with business impact.
Cross-Functional Collaboration
Work closely with Product, Engineering, Architecture, and Product Research teams to translate research into shipped capabilities.
Provide technical guidance and influence cross-organizational decisions.
Act as a bridge between exploratory research and production systems.
Communication & Influence
Present research findings and strategic recommendations to senior leadership.
Produce clear technical documentation, design proposals, and internal position papers.
Represent Platform Research as a center of excellence for cross-product innovation.